Configure Risks in Attack Surface Management
One of the primary objectives of the Censys Attack Surface Management platform is to shrink your organization’s attackable surface area. The Attack Surface Management platform flags risks to draw your attention to vulnerable places.
Start by tuning risk default settings to fit your organization’s needs. Then investigate and remediate risks in your network to improve your security posture.
As Censys Attack Surface Management maps and monitors your attack surface, it detects more than 450 different risk types.
You can set each type’s default severity to fit your security policies and investigative priorities. You can disable a risk type if you don't want Censys Attack Surface Management to detect any instances of it.
Tip
Not all risks are enabled by default because not all customers want all risk types enabled. Review the risk types and decide what's right for your organization and your environment.
By default, at least these risk types are disabled:
- Exposed AlienVault Secret
- Exposed Azure Client ID or Tenant ID
- Exposed CarbonInterface Secret
- Exposed CloudFlare API Token
- Exposed CloudFlare Global API Key
- Exposed CloudImage Secret
- Exposed CloudPlan Secret
- Exposed CoinAPI Secret
- Exposed Coinbase Secret
- Exposed Confluent Secrets
- Exposed DigitalOcean Secret Token
- Exposed Fastly Personal Token
- Exposed GitLab API Token
- Exposed Heroku Secret
- Exposed Hubspot API Key
- Exposed IBM Cloud User Key
- Exposed IEX Cloud Secret API Token
- Exposed Kanban API Token
- Exposed LaunchDarkly API Access Token
- Exposed PagerDuty API Key
- Exposed Terraform Cloud Personal Token
- Exposed Typeform API Access Token
- Host Not Present in VM Solution
- Wildcard Certificate
Tip
You can't create a new risk type. But you can show or hide existing risk types to identify the risk types your organization cares about most. You can also change the risk type severity level to better suit your environment.
View Risk Types
Open Censys Attack Surface Management. Click Risks and then click Configure Risk Types. Here you can view all risk types that Censys Attack Surface Management detects.
Enable Risk Types
- From the State list, select Disabled.
- Scroll the list and find a risk type you want to enable for your environment.
- Click the risk type. The risk type opens.
- Do the following:
  - Click Enabled.
  - If needed, use the slider to change the Censys Recommended Severity to better suit your organization's needs.
    - Critical: Indicates a severe risk which may result in compromise of the affected system or interruption of business objectives. Remediate critical risks as soon as possible.
    - High: Indicates a risk which can result in remote code execution or sensitive information disclosure. Prioritize high risks when creating a risk remediation roadmap.
    - Medium: Indicates a risk which can be exploited in combination with other vulnerabilities to perform an attack. Treat medium risks as standard priority on a risk roadmap.
    - Low: Indicates a vulnerability which can provide an attacker with some information about or access to the affected system. Deal with low risks at the lowest priority.
  - Make an optional note. While it's not required, it's helpful in the future to note what changed and why. These comments are viewed in the Change History for the selected risk type.
- When you're done, click Save.
Disable Risk Types
- From the State list, select Enabled.
- Scroll the list and find a risk type you want to disable for your environment.
- Click the risk type. The risk type opens.
- Click Disabled. Make an optional note. While it's not required, it's helpful in the future to note what changed and why. These comments are viewed in the Change History for the selected risk type.
- Click Save.
As you're refining your risk configurations, you can search, sort, and filter the risks based on when the risk was added to the Censys Attack Surface Management list of detections, Severity, Status, Category, Asset Type, and Edited Status. You can also sort risks by their prevalence in your attack surface.
Click View Only Edited Risks to refine the list to previously edited risks. Sort the columns to bring important rows to the top of your view.
Change Risk Severities to Match Your Organization's Risk Tolerance
You can customize the risk severity to suit your organization's needs. You can also disable the risk type entirely.
Select from the list to see details and remediation recommendations.
The Censys-recommended severity for each risk type is noted with the Recommended text. Use the Severity Selection menu to specify the severity classification that fits your organization’s policies. From highest to lowest, the options include:
- Critical: Indicates a severe risk which may result in compromise of the affected system or interruption of business objectives. Remediate critical risks as soon as possible.
- High: Indicates a risk which can result in remote code execution or sensitive information disclosure. Prioritize high risks when creating a risk remediation roadmap.
- Medium: Indicates a risk which can be exploited in combination with other vulnerabilities to perform an attack. Treat medium risks as standard priority on a risk roadmap.
- Low: Indicates a vulnerability which can provide an attacker with some information about or access to the affected system. Deal with low risks at the lowest priority.
The default severity set for a type is assigned to any instance of that risk type found on any of your assets.
After you configure your risk settings, open the Risks page to start investigating.
See this article for a description of the risk categories that the Attack Surface Management platform detects.